Professional Documents
Culture Documents
JNCIA-ER Lab Manual: Juniper Networks Certified Internet Associate-JNCIA
JNCIA-ER Lab Manual: Juniper Networks Certified Internet Associate-JNCIA
M. Irfan Ghauri
M. Tanzeel Nasir
ESP Press
Copyrights 2011
LAB.
LABS DESCRIPTION
PAGE NO.
11
Static Routing
12
Dynamic Routing
1. RIP
2. OSPF
14
16
Firewall Filtering
1. Simple Firewall Filtering
2. Advance firewall Filtering
18
20
22
Implement VRRP
24
Inter-vlan routing
26
Configuring dhcp
28
10
MLPPP
30
11
Password recovery
31
12
PPP Authentication
33
Lab # 1
Junos Basic
Configuration
After connecting your PC to the Console Port.
LOGIN:root
PASSWORD:abc123
Root @%
To Enter Into Operational Mode From Unix Shell & Vice- Versa.
Root @% cli
Root >
Command prints packet headers to your terminal screen for information sent or
received by the Routing Engine
Root>monitor traffic interface se-0/0/2
Jweb equivalent: Configuration > View and Edit > View Configuration
Text
show candidate
Configuration.
interfaces{
inactive se-0/0/2{
}
Verifying Command
Root> show interfaces
Root> show interface terse
Root>show interface description
Root> show interfaces terse | match fe
10
11
Lab # 2
Accessing Router through Telnet/SSH/HTTP
(Telnet/SSH/HTTP between two Routers)
Configuration
Configuring telnet on R1.
Root@R1# set system services telnet
Root@R1# set system services ssh
Root@R1# set system login user R1 class super-user authentication plain-textpassword
Enter password: abc123
Retype password: abc123
Verifying Commands
Root> show system users
Root> show configu
ration
Root# show system
12
Lab # 3
STATIC Routes
Diagram
IP Address 15.0.0.1
Se-0/0/2
IP Address 10.0.0.10
Fe-0/0/0
IP Address 15.0.0.2
Se-0/0/2
WAN
R1
Host A
IP Address 10.0.0.1
R2
IP Address 20.0.0.10
Fe-0/0/0
Host B
IP Address 20.0.0.1
Configuration
Configure the Static Route on the Router R1.
Root# set routing-options static route 20.0.0.0/8 next-hop 15.0.0.2
Root# commit
13
14
Lab # 4 (i)
IP Address 10.0.0.10
Fe-0/0/0
IP Address 15.0.0.2
Se-0/0/2
WAN
R1
Host A
IP Address 10.0.0.1
R2
IP Address 20.0.0.10
Fe-0/0/0
Host B
IP Address 20.0.0.1
Configuration
Enable the RIP protocol on the Router R1.
root@R1# set protocols rip group NAME export policy1
root@R1# set protocols rip group NAME neighbor se-0/0/2
Defining policy :
root@R1# set policy-options policy-statement policy1 from protocol direct
root@R1#set policy-options policy-statement policy1 then accept
15
16
Lab # 4 (ii)
IP Address 15.0.0.2
Se-0/0/2
WAN
IP Address
10.0.0.10
Fe-0/0/0
R1
R2
Host A
IP Address 10.0.0.1
IP Address
20.0.0.10
Fe-0/0/0
Host B
IP Address 20.0.0.1
Configuration
Enable the OSPF protocol on the Router R1.
Root@R1#set protocols ospf area 0.0.0.0 interface Fe-0/0/0
Root@R1#set protocols ospf area 0.0.0.0 interface Se-0/0/2
Or
Root@R1#set protocols ospf area 0.0.0.0 interface all
17
Verifying Commands
Root>show route
Root>show ospf interface
Root>show ospf neighbor
Root>show route protocol ospf
18
Lab # 5
Firewall Filtering
i.Simple Firewall Filtering
Diagram
IP Address 15.0.0.1
Serial-0/0/2
R1
IP Address 15.0.0.2
Serial-0/0/2
WAN
IP Address
20.0.0.10
R2Ft 0Fe-0/0/0
IP Address
10.0.0.10
Fe-0/0/0
FTP Server
WEB Server
IP Address
20.0.0.2
IP Address
20.0.0.1
Host A
IP Address
10.0.0.1
Host B
IP Address
10.0.0.2
IP Address 15.0.0.1
Configuration
Make the Firewall Filter on router R1 such that Host A can not be accessing the
Web & Ftp Server.
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS from
source-address 10.0.0.1/32
Root@R1# set firewall filter FILTER-IN term BLOCK-ALL-PACKETS then
discard
Root@R1# set firewall filter FILTER-IN term ALLOW-OTHERS then accept
19
Verifying commands (Now Host A should not be accessing both Web & FTP
servers. However, Host B should be accessing both Web & FTP Servers)
root# show firewall filter FILTER-NAME
20
IP Address 15.0.0.2
Serial-0/0/2
WAN
IP Address
20.0.0.10
R2Ft 0Fe-0/0/0
IP Address
10.0.0.10
Fe-0/0/0
FTP Server
WEB Server
IP Address
20.0.0.2
IP Address
20.0.0.1
Host A
IP Address
10.0.0.1
Host B
IP Address
10.0.0.2
Configuration
Make the Firewall Filtering on router R1 such that Host A can not be
the Web Server.
accessing
21
Make the Firewall Filtering on router R1 such that Host B can not be accessing the
Ftp Server.
Verifying commands
22
Lab # 6
IP Address 15.0.0.1
Serial 0/0/2
IP Address 10.0.0.10
Fe-0/0/0
IP Address 15.0.0.2
Serial 0/0/2
WAN
R1
R2
IP Address 20.0.0.10
Fe-0/0/0
NAT
Translation Table Of
R1
10.0.0.1
15.0.0.11
10.0.0.2
15.0.0.11
FTP Server
WEB Server
Host A
IP Address
10.0.0.1
Host B
IP Address
10.0.0.2
IP Address
20.0.0.1
IP Address
20.0.0.2
Configuration
Configuring Sp interface
Root#set interfaces sp-0/0/0 unit 0 family inet
Defining Nat Pool
Root#set services nat pool global-out address 15.0.0.11/32
Root#set services nat pool global-out port automatic
Defining Nat rule
Root#set services nat rule nat-out match-direction output
Root#set services nat rule nat-out term nat-with-alg from application-sets junosalgs-outbound
23
Root#set services nat rule nat-out term nat-with-alg then translated source-pool
global-out
Root#set services nat rule nat-out term nat-with-alg then translated translation-type
source dynamic
Verifying commands
Root>sh services nat pool
Root >sh services nat pool detail
Root >clear services stateful-firewall flows
24
Lab #7
Configuring VRRP
Virtual
Router
10.0.0.5
10.0.0.10
L0 15.0.0.1
J2300
VRRP
GROUP
1
10.0.0.20
J2300
L0 15.0.0.1
Host A
IP Address
10.0.0.1
Configuration
Configuration of Vrrp on Router A
Root#set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.10/8 vrrp-group 1
virtual-address 10.0.0.5
25
Verifying Commands
Root>show vrrp
Root>show vrrp interface fe-0/0/0
26
Lab # 8
Inter-VLAN Routing
J2300
Fe-0/0/0
Fe-0/0/0.10
10.0.0.10 / 8
Fe-0/0/0.20
20.0.0.10 / 8
Fa 0/24
2950
Fa 0/1
Fa 0/11
Vlan 10
Vlan 20
Host A
10.0.0.1/8
10.0.0.10
Host B
20.0.0.1/8
20.0.0.10
Configuration
Switch
Switch(config)#vlan 10
Switch(config-vlan)#name vlan-10
Switch(config)#vlan 20
Switch(config-vlan)#name vlan-10
27
Router
Root#set interfaces fe-0/0/0 vlan-tagging
Root #set interfaces fe-0/0/0 unit 10 vlan-id 10
Root #set interfaces fe-0/0/0 unit 10 family inet address 10.0.0.10/8
Root #set interfaces fe-0/0/0 unit 20 vlan-id 20
Root #set interfaces fe-0/0/0 unit 20 family inet address 20.0.0.10/8
Verifying Command
root# show interfaces fe-0/0/0
root# show interfaces fe-0/0/0 | display set
28
Lab # 9
J2300
Host A
Host B
Configuration
Step 1: On Router Create & Configure Dhcp
Root#set system services dhcp pool 10.0.0.0/8
Root#set system services dhcp pool 10.0.0.0/8 router 10.0.0.10
Root#set system services dhcp pool 10.0.0.0/8 address-range low 10.0.0.1 high
10.0.0.12
29
30
Lab #10
MLPPP
IP Address 15.0.0.1
Ls-0/0/0
J2300
IP Address 15.0.0.2
Ls-0/0/0
J2300
Configuration
Configuration of mlppp on router A.
Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.1/8
Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0
Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0
Configuration of mlppp on router B.
Root# set interfaces ls-0/0/0 unit 0 family inet add 15.0.0.2/8
Root# set interfaces se-0/0/2 unit 0 family mlppp bundle ls-0/0/0.0
Root# set interfaces se-0/0/3 unit 0 family mlppp bundle ls-0/0/0.0
Verifying Command
Root> show interfaces ls-0/0/0
31
Lab #11
Password Recovery
Configuration
First Press Power ON Button reboot your router
when below line appear press space bar
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [kernel] in 1 second...
Type boot s at below prompt
Type '?' for a list of commands, 'help' for more detailed help.
Ok boot -s
32
33
Lab # 12
IP Address 15.0.0.1
Se-0/0/2
IP Address 15.0.0.2
Se-0/0/2
WAN
R1
R2
Configuration
CHAP Authentication Configuration for Router R1.
Root#set system host-name R1
Root@R1#set system root-authentication encrypted-password abc123
Root@R1#set interfaces se-0/0/2 encapsulation ppp
Root@R1#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R1#set interfaces se-0/0/2 ppp-options chap local-name R1
CHAP Authentication Configuration for Router R2.
Root#set system host-name R2
Root@R2#set system root-authentication encrypted-password abc123
Root@R2#set interfaces se-0/0/2 encapsulation ppp
Root@R2#set interfaces se-0/0/2 ppp-options chap default-chap-secret abc123
Root@R2#set interfaces se-0/0/2 ppp-options chap local-name R2
Verifing Commands :
Root > show interface terse
Root > show interface se-0/0/2